Fortinet Witnessed Emergence of Asprox Spambot

The malware landscape is still dominated by botnets, according to Fortinet's September 2010 Threat Landscape report. The security firm detected a surge in Sasfis activity associated with the Asprox spambot, which had remained silent for more than a year.

The spambot was used for an email-sending campaign. The emails carried zipped executable attachments posing as fax copies. The attachment turned out to be a copy of Sasfis, which downloaded Asprox in order to send more spam from the infected systems.

In addition to the increase in Sasfis activity, FortiGuard Labs highlights one variant, W32/Katusha.MK!tr. Analysis in September 2010 showed that this variant downloaded a sniffer module that monitors traffic on TCP ports 21, 25 and 110 (FTP, SMTP and POP3). The captured traffic was packaged into encrypted data sets before being sent to a control server in Europe via HTTP POST.

According to infosecurity.com on October 1, 2010, Derek Manky, project manager of Cyber Security and Threat Research at Fortinet, commented that stolen FTP credentials are often used to hijack web servers and can prove quite valuable. It was also observed that the variant downloaded the TotalSecurity ransomware suite, which has been high on Fortinet's malware radar for several weeks.
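As an added defensive illustration, not part of the report or of Fortinet's analysis, the following Python heuristic flags hosts whose clear-text FTP/SMTP/POP3 traffic is followed shortly by an HTTP POST to an external server, the sniff-then-upload pattern attributed to the Katusha variant above. The flow records, the ten-minute correlation window and the use of RFC 1918 ranges to define "internal" are constructed assumptions for the example.

```python
# Heuristic for the sniff-then-post behaviour described above; constructed flows, not report data.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

CLEARTEXT_PORTS = {21: "FTP", 25: "SMTP", 110: "POP3"}
WINDOW_SEC = 600  # assumption: the upload follows credential capture within ten minutes
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Flow:
    ts: int           # epoch seconds
    src: str          # monitored internal host
    dst: str
    dport: int
    method: str = ""  # HTTP method for port-80 flows, empty otherwise

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def find_suspects(flows):
    """Return (src, dst, protocols_seen, post_ts) for each HTTP POST to an external
    address preceded, within WINDOW_SEC, by clear-text credential traffic from the same host."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)
    alerts = []
    for src, hist in by_src.items():
        for f in hist:
            if f.dport != 80 or f.method != "POST" or is_internal(f.dst):
                continue  # only outbound posts to non-RFC1918 servers are of interest
            recent = {CLEARTEXT_PORTS[h.dport] for h in hist
                      if h.dport in CLEARTEXT_PORTS and 0 <= f.ts - h.ts <= WINDOW_SEC}
            if recent:
                alerts.append((src, f.dst, tuple(sorted(recent)), f.ts))
    return alerts

SAMPLE = [  # constructed sample traffic
    Flow(1000, "10.0.0.5", "10.0.0.20", 21),             # FTP login to an internal server
    Flow(1100, "10.0.0.5", "10.0.0.21", 110),            # POP3 mail check
    Flow(1300, "10.0.0.5", "203.0.113.7", 80, "POST"),   # upload to an external host: alert
    Flow(1350, "10.0.0.5", "10.0.0.30", 80, "POST"),     # internal web app: ignored
    Flow(2000, "10.0.0.9", "203.0.113.8", 80, "POST"),   # no preceding credential traffic
    Flow(5000, "10.0.0.11", "10.0.0.20", 21),
    Flow(7000, "10.0.0.11", "203.0.113.9", 80, "POST"),  # too long after the FTP session
]

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE):
        print("possible credential exfiltration:", alert)
```

Because the module encrypts the captured data before posting, content inspection of the upload is unlikely to help; correlating the preceding clear-text credential sessions with the outbound POST is what gives the heuristic its signal.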

Fortinet's monthly report also lists the top five malware regions. The USA leads with 46.6% of malware variants in September 2010, followed by Japan (37.7%), France (28.7%), Taiwan (16.6%) and China (15%).

The report also names the top spamming countries for September 2010: USA (13.21%), Japan (7.51%), France (5.78%), Taiwan (4.80%) and Italy (2.62%).